Appl. No. 09/998,926 PATENT 
Amdt. dated: June 27, 2006 

Amendment under 37 CFR §1.114 Request for Continued 
Examination 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the 
application: 

Listing of Claims: 

1-14. (Canceled) 

15. (Previously Presented) A method for identifying members of a group, 
comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group; 

storing an identification of each of said dynamic members of said first group; 

receiving a request to report members of said first group, said request is received 
subsequent to said step of storing; and 

reporting said dynamic members of said first group in response to said request, 
said reporting of said dynamic members is performed based on said stored identification of said 
dynamic members. 

16. (Previously Presented) A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first group; and 

said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first group. 

17. (Previously Presented) A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first group; 

said identity profile of said first group also includes an expansion attribute; and 

said method can only be performed if said expansion attribute includes an 
appropriate value. 

18. (Previously Presented) A method according to claim 17, wherein: 

said method can only be performed for an entity having access to said expansion 
attribute and said dynamic rule attribute. 

19. (Original) A method according to claim 15, wherein: 
said steps of determining and storing are automatically repeated. 

20. (Original) A method according to claim 15, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

21. (Original) A method according to claim 20, wherein: 

said integrated identity and access system is capable of performing authorization 
services based on membership in said first group. 

22. (Original) A method according to claim 15, further comprising the steps 
of: 

determining nested members of said first group; and 

storing an identification of each of said nested members of said first group, said 
step of reporting includes reporting said nested members based on said stored identification of 
said nested members. 

23. (Original) A method according to claim 22, wherein: 

said nested members include members of multiple levels of nested groups. 

24. (Original) A method according to claim 22, wherein: 

said step of determining nested members includes recursively determining 
members of group members. 

25. (Original) A method according to claim 22, wherein: 
said first group includes one or more static members; and 
said step of reporting includes reporting said static members. 

26. (Previously Presented) A method according to claim 22, wherein said step 
of determining nested members includes the steps of: 

determining all static group members of said first group; 

determining all static and dynamic members of said static group members of said 
first group; 

determining all static group members of said static group members of said first 
group; and 

determining all members of said static group members of said static group 
members of said first group. 

27. (Previously Presented) A method according to claim 22 wherein: 

said first group and nested groups of said first group include rules defining criteria 
for being dynamic members; and 

said step of determining dynamic members includes the steps of determining a 
normalized set of said rules and determining which users are defined by said normalized set of 
said rules, said users defined by said normalized set of said rules are said dynamic members of 
said first group. 

28. (Original) A method according to claim 15, wherein: 
said first group includes one or more static members; and 
said step of reporting includes reporting said static members. 

29-34. (Canceled) 

35. (Previously Presented) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group; 

storing an identification of each of said dynamic members of said first group; 

receiving a request to report members of said first group, said request is received 
subsequent to said step of storing; and 

reporting said dynamic members of said first group in response to said request, 
said reporting of said dynamic members is performed based on said stored identification of said 
dynamic members. 

36. (Original) One or more processor readable storage devices according to 
claim 35, wherein: 

said first group includes one or more static members; and 

said step of reporting includes reporting said static members. 

37. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining and storing are automatically repeated. 

38. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

39. (Original) One or more processor readable storage devices according to 
claim 36, wherein said method further comprises the steps of: 

determining nested members of said first group, said nested members include 
members of multiple levels of nested groups; and 

storing an identification of each of said nested members of said first group, said 
step of reporting includes reporting said nested members based on said stored identification of 
said nested members. 

40-43. (Canceled) 

44. (Previously Presented) An apparatus that can determine members of a 
group, comprising: 

a communication interface; and 

one or more processors in communication with said communication interface, 
said one or more processors perform a method comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group and said first group includes one or more static members, 

storing an identification of each of said dynamic members of said first 
group, 

receiving a request to report members of said first group, said request is 
received subsequent to said step of storing, and 

reporting said static members and said dynamic members of said first 
group in response to said request, said reporting of said dynamic members is performed based on 
said stored identification of said dynamic members. 

45. (Original) An apparatus according to claim 44, wherein: 
said steps of determining and storing are automatically repeated. 

46. (Original) An apparatus according to claim 44, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

47. (Original) An apparatus according to claim 44, wherein said method 
further comprises the steps of: 

determining nested members of said first group, said nested members include 
members of multiple levels of nested groups; and 

storing an identification of each of said nested members of said first group, said 
step of reporting includes reporting said nested members based on said stored identification of 
said nested members. 

Please add the following new claims: 

48. (New) An integrated identity and access system comprising: 

an identity system adapted to determine dynamic members of a first group based 
on a rule that defines dynamic membership for said first group, wherein said rule is stored in a 
dynamic rule attribute of an identity profile of said first group, store an identification of each of 
said dynamic members of said first group, receive a request to report members of said first 
group, said request is received subsequent to said step of storing, and report said dynamic 
members of said first group in response to said request, said reporting of said dynamic members 
is performed based on said stored identification of said dynamic members; and 

an access system adapted to perform authentication services based on membership 
in said first group. 

49. (New) The integrated identity and access system of claim 48, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first group; and 

said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first group. 

50. (New) The integrated identity and access system of claim 48, wherein the 
identity system is further adapted to determine nested members of said first group and store an 
identification of each of said nested members of said first group and wherein said reporting 
includes reporting said nested members based on said stored identification of said nested 
members. 

51. (New) The integrated identity and access system of claim 50, wherein the 
identity system is adapted to determine nested members by: 

determining all static group members of said first group; 

determining all static and dynamic members of said static group members of said 
first group; 

determining all static group members of said static group members of said first 
group; and 

determining all members of said static group members of said static group 
members of said first group. 

52. (New) The integrated identity and access system of claim 50, wherein 
said first group and nested groups of said first group include rules defining criteria for being 
dynamic members and the identity system is adapted to determine dynamic members by 
determining a normalized set of said rules and determining which users are defined by said 
normalized set of said rules, said users defined by said normalized set of said rules are said 
dynamic members of said first group. 